github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-23 07:30:16 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
89908cdb47
discourse/lib/guardian/topic_guardian.rb
Patrick ffb29dea77 Refactor guardian as dissused in this topic https://meta.discourse.org/t/so-you-want-to-help-out-with-discourse/3823/41?u=hunter 
Creates a mixin for the ensure_* functions and creates seperate mixins for functions dealing with posts, categories, and topics.
2014-01-10 21:22:54 -06:00

85 lines
2.3 KiB
Ruby
Raw Blame History

#mixin for all guardian methods dealing with topic permisions
module TopicGuardian
# Can the user create a topic in the forum
def can_create?(klass, parent=nil)
return false unless authenticated? && klass
# If no parent is provided, we look for a can_i_create_klass?
# custom method.
#
# If a parent is provided, we look for a method called
# can_i_create_klass_on_parent?
target = klass.name.underscore
if parent.present?
return false unless can_see?(parent)
target << "_on_#{parent.class.name.underscore}"
end
create_method = :"can_create_#{target}?"
return send(create_method, parent) if respond_to?(create_method)
true
end
def can_remove_allowed_users?(topic)
is_staff?
end
# Creating Methods
def can_create_topic?(parent)
user && user.trust_level >= SiteSetting.min_trust_to_create_topic.to_i && can_create_post?(parent)
end
def can_create_topic_on_category?(category)
can_create_topic?(nil) && (
!category ||
Category.topic_create_allowed(self).where(:id => category.id).count == 1
)
end
def can_create_post_on_topic?(topic)
# No users can create posts on deleted topics
return false if topic.trashed?
is_staff? || (not(topic.closed? || topic.archived? || topic.trashed?) && can_create_post?(topic))
end
# Editing Method
def can_edit_topic?(topic)
!topic.archived && (is_staff? || is_my_own?(topic))
end
# Recovery Method
def can_recover_topic?(topic)
is_staff?
end
def can_delete_topic?(topic)
!topic.trashed? &&
is_staff? &&
!(Category.exists?(topic_id: topic.id))
end
def can_reply_as_new_topic?(topic)
authenticated? && topic && not(topic.private_message?) && @user.has_trust_level?(:basic)
end
def can_see_topic?(topic)
if topic
is_staff? ||
topic.deleted_at.nil? &&
# not secure, or I can see it
(not(topic.read_restricted_category?) || can_see_category?(topic.category)) &&
# NOTE
# At the moment staff can see PMs, there is some talk of restricting this, however
# we still need to allow staff to join PMs for the case of flagging ones
# not private, or I am allowed (or is staff)
(not(topic.private_message?) || authenticated? && (topic.all_allowed_users.where(id: @user.id).exists? || is_staff?))
end
end
end
Reference in New Issue View Git Blame Copy Permalink